Best ways to safeguard financial identity6 min read . Updated: 17 Feb 2016, 01:57 AM IST
Identity theft is rampant and can be difficult to detect. Follow these steps to protect your money
Majority of fraud cases in retail financial transactions are due to identity theft. These accounted for about 77% of all detected fraud cases in the first quarter of 2015, according to a report, Fraud Report 2016, by Experian India, a credit information agency. Experts agree that as use of Internet increases in day-to-day financial affairs, cybercrime is also increasing.
“According to KPMG’s Cybercrime Survey Report 2015, cybercrime has dramatically evolved in nature and scope in the last few years with cybercrime syndicates using tools of online deception such as spoofed emails for speak phishing attacks, and spam emails with malware to attack enterprises," said Suveer Khanna, partner-forensics, KPMG in India. This study also revealed that 63% of the over 250 respondents (senior management) indicated that crimes resulted in financial loss while 55% said sensitive information was stolen.
Online money transactions are a way of life, so it’s important to understand what identity theft is, how it takes place and what you can do to protect yourself.
What is identity theft?
Fraudulently using another person’s name and personal information for financial gain is identity theft. “One of the main purposes is to get a financial advantage by posing as another person. This includes using stolen bank or credit cards to purchase goods or obtain funds, apply for credit, or otherwise get financial gain from the misappropriation of another’s identity," said Vishesh Dhingra, chief operating officer, Fastacash, a Singapore-based financial technology (fintech) company that focuses on mobile payments.
There are various ways fraudsters can steal your identity. “Using another person’s personal information while opening new accounts, using another person’s account numbers or credit card details to buy products or extract funds illegally from a person’s bank account, are some of the ways identity theft can happen," said Khanna.
How does it happen?
As technology evolves, the ways in which sensitive information is stolen has also changed. Here are some common ones.
Canning or dumpster diving: Thieves get into your trash (literally) to get information from discarded documents such as receipts, bills, and bank statements, thrown in the dustbin. This is then used to impersonate you to secure financial products such as loans and credit cards.
Vishing, phishing and smishing: Vishing is when someone calls you on your phone to get information. “Phishing involves emails from imitation or spoofed email IDs sent to customers to extract their online banking credentials and card details," said Khanna. In smishing, someone sends text messages to your phone to get personal information. Generally, fraudsters pretend to call or send mails and messages from an institution or entity that you are currently associated with such as banks and other types of lenders.
Hacking: Fraudsters can hack into your computer or laptop, mobile or devices such as a tablet, to steal personal information. Hackers often install malware such as keystroke logging software (records keystrokes and websites and takes screenshots), which helps them get information without you noticing.
Malware attacks or data breach: It is more beneficial to steal information from large organisations that might have details of millions. Cyber thieves attack databases or websites of such institutions to obtain sensitive information. “Malware-based attacks include malware injected on banks’ websites to extract customer banking information during a transaction. ATMs may be infected with malware to eject money. It can also be injected in mobile banking apps," said Khanna.
Cyber thieves can obtain information from any financial product such as bank account, credit card or loan account. “Victims’ personal identification documents such as PAN (permanent account number), password, voter ID and others are used to secure cards or bank accounts. Once the transaction is done, it is difficult to track the culprits since they are invisible in the entire transaction," said Rajiv Raj, co-founder and director, CreditVidya, a credit advice and planning company.
What if you take a hit?
The first thing to do is to inform the associated institution. For instance, if your bank account is compromised, contact your bank immediately. “Make it a point to note the complaint number filed with the bank. Also inform the bank of all transactions not carried out by you to ensure timely and accurate reversals," said Khanna.
Next, file a complaint with legal authorities. “Raise a complaint with the local police. Banks or card issuers have a policy to verify transactions and if they are convinced, they will reverse the transaction made through a credit card. Transactions from your debit card, however, are not reversible," said Raj.
If you find that your mobile phone has been hacked, try to stop access to sensitive information. “Secure the device. This can mean using a pre-installed app to remotely lock the phone or wipe the phone of all programmes and restore factory settings. Google and Apple have instructions online to remotely wipe data from phones if they are lost or stolen," said Dhingra.
The next step is to access a credit report from any credit information bureau. Look for unusual transactions; if you notice anything, report it. “To make a correction in the credit report, the consumer will have to send an information rectification request to the relevant bank as well as an update to the bureau. As per the Credit Information Companies (Regulation) Act 2005, the process of updating credit information should be done within 30 days after being requested to do so," said Mohan Jayaraman, managing director, Experian Credit Information Company of India Pvt. Ltd.
You can do more. “The consumer can also add a statement to her credit report about the objected fraudulent transaction so that other banks are aware of it when they pull the credit report," said Manish Sinha, India country leader, Equifax Credit Information Services Pvt. Ltd.
Always shred documents such as credit card statements or ATM transaction slips, that contain sensitive information before you throw them in the trash. Never log into bank accounts and other such websites using public WiFi facility. “Verify the website’s name before passing on information. Don’t just click on a link; instead type the website address in the browser to avoid getting redirected to fake websites. Check whether the website connection starts with ‘http’ or ‘https’. The ‘s’ stands for secure," said Khanna.
Strong passwords are important. Don’t use the same password for two or more accounts.
Remember that no entity such as a bank seeks sensitive information over phone or email.
Install an anti-virus software on your phone as well. “Apple and Google test apps for malicious programmes and codes before posting to their stores. So, download apps only from the official Android Play Store or the Apple App store. Also, be cautious about jailbreaking (removing software restrictions imposed by operating system) your phone, as this increases your ability to access non-verified apps, which can contain malicious code," said Dhingra.
Some banks have launched initiatives to help consumers. “They can access useful information through the microsite www.dbs.com/act. It educates consumers on different ways identity thefts take place, tips to safeguard smartphones, precautions to take for safe online shopping experience, and more," said Sheran Mehra, senior vice-president, DBS Bank. “The bank also has an association with Asian School of Cyber Laws through which consumers can log in to the microsite and enrol for a free online course on cyber laws," she added.
Keep monitoring your credit reports and bank statements for unusual or suspicious transactions. Sometimes the identity theft is known only years after it happens. As Dhingra says “mobiles used as our calendars, social organizers, bankers and storefronts means that they contain a rich data set for identity thieves." So, secure your device.
But self-vigilance can also be effective. You could consider identity theft detection apps such as LogDog: Stop Hacker Intrusion, Cerberus anti-theft, and Identity Guard.
Take steps to protect yourself and act quickly if you think your identity has been stolen. It could make the difference between being safe or losing money.